Version 8.18.00 Release Notes

Summary: High-level overview of changes/updates included in RiskSense Version 8.18.00.

The RiskSense platform version 8.18.00 update includes the following features and enhancements: 

New Features

RS³ Simulator

An interactive RiskSense Security Score (RS³) simulation tool is now available at the top of the Asset Detail pane. This tool allows a user to explore the parameters that contribute to an asset’s RS³ under the enhanced RS³ v2 scoring methodology (coming late Q3 2020) and previews that asset’s new score under the updated algorithm. More information can be found here.

Custom Sorting by Column in List Views

A new sorting option has been introduced in the List View architecture. Users may now click the header of most columns to instantly sort that list view by the chosen column. The existing multi-column drop-down selection also remains available. Sortable columns are labeled in the Settings pop-up.

New Multi-Client Dashboard and List View (Multi-Client Users Only)

Users with multiple clients first see the Multi-Client Dashboard when they log into RiskSense. The Multi-Client Dashboard now more closely matches the style and content of Configurable Dashboards. New widgets display data about both hosts and applications on all clients that the user can access. The table listing all clients at the top has become the All Clients page, which shows high-level metrics for each client. Users can click a column header to sort the All Clients page by that column and can export client metrics as a CSV or JSON file. With this update, users can navigate between clients through the All Clients page, the Multi-Client Dashboard, and the client navigation drop-down at the top right of the navigation bar.

Integrations

Qualys WAS Metadata Enhancements

The Operating System from the Qualys WAS scanner is now visible under the Asset Details section and the Generation Datetime is visible under the Recent Scans section of the Applications detail pane. Additional finding information provided by Qualys WAS is visible under the Plugin Details section of the Findings detail pane. For example, the Qualys WAS field Authentication is captured by the Source Status field under Plugin Details in the platform.

Rapid7 AppSpider Metadata Enhancements

The Website IP from Rapid7’s AppSpider scanner is now visible under the Asset Details section of the Applications detail pane. Additional metadata fields have also been captured in the Plugin Details section of the Findings detail pane, including Confidence, HTML Entity Attacked, and Attack Type.

Edgescan Metadata Enhancements

The Scanner Unique ID provided by the Edgescan scanner is now visible in the platform, under the Application Details section of the Application Findings detail pane. Edgescan’s Scanner Details are also now visible in the Output column of both Host and Application Findings.

ServiceNow CMDB Host Lookup Enhancements

Queries to the ServiceNow connector have been optimized for Hosts according to their Network type (hostname- or IP-based).

File Attachments for Ticketing Connectors

The option to attach CSV files to a newly created ticket has been added for the Jira and ServiceNow Service Request connectors.

Additional Filters Added for Reports

Users can now filter the Executive Risk, Detailed Vulnerability, Executive Vulnerability, and Asset Risk reports by Network name.

List View Enhancements

Quick Filter for RiskSense Internal Jobs

On the Jobs list view, a quick filter has been added to the top of the page that filters out RiskSense Internal jobs with one click. By default, these jobs will be hidden when a user navigates to the Jobs view.

Host Details Metadata Corrections

Invalid or empty metadata ingestion for Host details will now be hidden in the Host’s detail pane.

Miscellaneous Changes

Character Truncation in Dashboard Widgets

The mouseover shown in the Top 50 High Impact Findings chart has been modified to truncate Plugin IDs or other strings longer than 45 characters.

Platform Performance Enhancements

Additional compression methods have been put into place for large files in the platform to ensure speedier loading times.

Upgrades to Visual Rendering Libraries

Libraries utilizing jQuery have been upgraded to the latest versions to support a smoother UI experience.

Updated SRS Sorting Option Labels

Users with access to RiskSense’s SRS service may notice updated sorting option names, such as Overall xRS3 Impact, in the Hosts and Host Findings views.

Other Fixed Issues

  • Resolved API Issue: Hosts occasionally failed to appear in the UI after being added to a Network via the corresponding API endpoint.

  • Resolved Reporting Issue: The Executive Vulnerability Report sometimes failed to be exported with the correct Application Findings data when filtered by Group.

  • Resolved Parsing Issue: The RiskSense Generic Uploader failed to recognize a byte-order mark in a CSV file.

  • Resolved Parsing Issue: Findings ingested by the Checkmarx connector were being incorrectly duplicated due to an invalid uniqueness identifier.

  • Resolved UI Issue: The option for SAML authentication did not remain selected for a user with SAML enabled.

  • Resolved UI Issue: Some Application Security widgets did not resize properly when creating a custom dashboard.

  • Resolved UI Issue: Text overflow occurred for certain filter input values on the Application Findings page.

  • Resolved UI Issue: The Groups card view was constrained in size incorrectly by the selected active list view columns.

  • Resolved UI Issue: A manually created application’s Recent Scan data failed to appear correctly in that application’s detail pane.

  • Resolved UI Issue: The date picker in the Connector Creation Wizard sometimes overflowed off-screen.

  • Resolved Dashboard Issue: On load, the CWE Top 25 Most Dangerous Software Errors dashboard chart shows the total number of findings and applications related to any of the CWE Top 25 Programming Errors. The count of findings should match.

  • Resolved Dashboard Issue: Components in some of the configurable dashboard’s KPI charts would overlap with one another, causing visual disruption and uneven spacing.

  • Updated an error message to be more contextual when attempting to export a file in the Configurable Export Wizard with a title containing illegal characters.

Known Issues

  • Users familiar with filtering may expect to see more search operators on the Multi-Client Dashboard and All Clients page. In this release, the Multi-Client Dashboard and All Clients page only support the Exactly or One of operators. Wildcard and Like are expected in a future release.

  • Single-column sort for the Port and Threat Count columns on the Host Findings and Application Findings list views is functional but may give an incorrect sort order, which will be handled in a future release.

---

To help transition to our new features and schedule training, please contact your Customer Success account manager directly or send a message to [email protected]